Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear"above the fold." Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve - screaming logos and headers!
Since scare tactics seem to be at the very least start considering the issue, or what compels some people to take how to fix hacked wordpress site a bit more seriously, let me shoot a few scare tactics your way.
Don't make the mistake of believing that your hosting company will have your back so far as WordPress copies go. Not always. It has been my experience that the hosting company view it may or may not be doing backups, while they say that they do. Take that kind of additional info chance?
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are four definitions that appear within the block. A hyperlink is inside that section of code. You want to enter that link into your browser, copy the contents that you get back, and replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
You can also make a firewall that blocks hackers from infiltrating your blogs. From coming to your own files, Continue the firewall prevents the hacker. You also have to have updated version of Apache. Upgrade your PHP. It's essential that your system is always filled with upgrades.
Do not use wp_ as a prefix for your own databases. Most web hosting providers are removing that default but if yours does not, adjust wp_ to anything else but that.